Cryptology ePrint Archive: Report 1999/024

A tool for obtaining tighter security analyses of pseudorandom function based constructions, with applications to PRP to PRF conversion

M. Bellare and R. Impagliazzo

Abstract: We present a general probabilistic lemma that can be applied to upper bound the advantage of an adversary in distinguishing between two families of functions. Our lemma reduces the task of upper bounding the advantage to that of upper bounding the ratio of two probabilities associated to the adversary, when this ratio is is viewed as a random variable. It enables us to obtain significantly tighter analyses than more conventional methods.

In this paper we apply the technique to the problem of PRP to PRF conversion. We present a simple, new construction of a PRF from a PRP that makes only two invocations of the PRP and has insecurity linear in the number of queries made by the adversary. We also improve the analysis of the truncation construction.

Category / Keywords: Pseudorandom functions, pseudorandom permutations, provable security, birthday attacks.

Publication Info: Appeared in the THEORY OF CRYPTOGRAPHY LIBRARY and has been included in the ePrint Archive.

Date: received December 12th, 1999.

Contact author: russell at cs ucsd edu

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Short URL: ia.cr/1999/024

Discussion forum: Show discussion | Start new discussion